Oracle Blog

My thoughts heading into 2007

It has been a long time since my last post. The fact that it
coincided with the holiday season shouldn't lead you to think that I was
enjoying some well deserved time off. It has, in fact, been quite the opposite.
Things have been really busy in the identity management group recently, and I
have been working hard on some interesting problems that will influence the
future direction of the OIM product. Hopefully I will be able to share the
results of that work with all of you really soon.

January is the month when everyone comes out with their
predictions for the coming year. Since this post is coming in at the tail end of
January (hopefully I will get it out in time to keep that statement true), I
toyed with the idea of doing my own post on trends in the identity management
space. But having read quite a few of those over the last month, I think
anything I could possible say has pretty much been covered already.

Next week is the RSA Conference. And this year, Oracle is
planning on showcasing its move into identity management in a big way. Everyone
has been talking about the way in which Oracle has aggressively moved into a
leadership position in the space (just check out Burton's report on the identity management
landscape for 2007). So it comes as no surprise that everyone is curious to
know how Oracle will approach the future.

I therefore decided on a different tack. Instead of trying
to predict what will happen in 2007, I decided to share my thoughts on what I
feel are the main philosophies that will drive the work our team will be doing
this year. This is not meant to be a complete list, and I cannot stress enough
that these are my personal thoughts (I have been told to make that very clear).
It will be interesting to hear if you think there is anything else that should
be at the top of our minds.

So here goes...

Convergence: This is the big one. For a long time, the main
demand from the market has been the integrated IdM suite. But in a world where
services will be the main way in which identity technology is consumed, it is
actually the next progression that we need to be looking at. Having multiple
products that are able to interoperate is good, but that still leaves the model
open to redundancy and maintenance headaches. Simply changing all those products
into a service is also not good enough. And more and more concepts are making
their way into every aspect of identity management. If I define a SoD policy in
my provisioning system, why should I have to re-define it in my authorization
service? Convergence of these various products into a unified construct that
supports multiple service modules will help eliminate some of the management
nightmares that make project managers pull their hair out, and make life a
whole lot simpler. Which leads me to my next topic - simplification.

Elegance (aka Simplicity without Loss of Functionality): All
too often, the words simplicity and flexibility seem to be mutually exclusive.
This is especially true for IdM products. Proof-Of-Concept engagements in the IdM world often come down
to a decision between a product that can solve the use case and a product that is easier to manage. But there is no reason why the two can't be brought
together in an elegant way.

Privacy: The strong desire individuals have for privacy led
to the birth of user-centric identity as a new IdM methodology, and enterprise
IdM is still struggling to work out what this means for it. However, one thing is
sure. We cannot continue to develop identity management software without
building in support for privacy controls that provide better protection and
management options to the people whose identities are at the core of these
products. And as enterprises themselves become more aware of their
responsibilities in this area, they will demand the kind of frameworks that the
recently announced IGF standard aims to support.

Strength: The
tagline for Oracle's Fusion Middleware suite includes the word "Unbreakable". To me, the word
reflects the multiple facets of what our identity products need to be - secure
so they can't be compromised, adaptable so they can deal with any kind of
customer use case without bending and powerful so they can gracefully deal with
the increased usage that identity services are going to be subject to.

Well, those are the keywords that will be guiding at least
my efforts in evolving our products. In my next post, I will finally get around to
the animated discussions that my comments about role management vs.
provisioning set off, and how the philosophies I talked about above (one in particular)
will impact what we will do about it. And if you happen to be attending the RSA
Conference, drop me a line and maybe we can get together for a chat.